Modifying Certipy to Evade Microsoft Defender for Identity PKINIT Detection
Bypassing Microsoft Defender for Identity Suspicious certificate usage over Kerberos protocol (PKINIT) high severity alert.
Daniel Underhay
A Cost Effective Covert Implant for Red Teamers
A quick post about making a more cost effective cover implant using a common wired mouse.
Git-Rotate: Leveraging GitHub Actions to Bypass Microsoft Entra Smart lockout
Explore how GitHub Actions can be leveraged to rotate IP addresses during password spraying attacks to bypass IP-Based blocking such as Entra Smart lockout.
Hook, Line, and Phishlet: Conquering AD FS with Evilginx
A detailed walkthrough of the process and hurdles faced in leveraging Evilginx3 to conduct a successful phishing campaign on a AD FS protected domain.
Device Code Phishing: A Frontend UI
A framework for OAuth 2.0 device code authentication grant flow phishing.
Adobe ColdFusion - Path Traversal Vulnerability
CVE(s): CVE-2019-8074 Vendor: Adobe Product: ColdFusion Version(s) affected: 2018 Update 4 and earlier versions, 2016 Update 11 and earlier versions Fixed version: 2018 Update 5, 2016 Update 12 Adobe security bulletin details Path Traversal Vulnerability (CVE-2017-5219) # By default, custom applications built using the Adobe ColdFusion platform would block access to the admin portal. Access is restricted (usually) based on IP address, which is added to an allowlist. Any attempts to access the admin portal (for example - https://example.com/CFIDE/administrator/index.cfm), will result in a redirect to the main page of the application.